On Tuesday, Motherboard revealed that T-Mobile, AT&T, and Sprint were all selling their customers’ phone location data that ultimately ended up in the hands of bounty hunters, as well as people unauthorized to handle it at all. We found this by purchasing the capability to locate a phone from the black market for just $300. In response, several senators called for the Federal Communications Commission (FCC) to investigate, and brought up the prospect of greater regulation of the telecommunications industry.

Since publicizing this:

Now, AT&T says it is stopping the sale of all location data to so-called location aggregators, companies that sit in the supply chain between the telcos and clients, and which play a vital role in having that data trickle down to end users.

[…]

In several different tweets posted after Motherboard’s investigation, T-Mobile CEO John Legere reiterated that the company is also going to cut off all location aggregators, and that T-Mobile plans to have finished that process in March.

“For the second time in six months, carriers are pledging to stop sharing American’s location with middlemen without their knowledge. I’ll believe it when I see it. Carriers are always responsible for who ends up with their customers data—it’s not enough to lay the blame for misuse on downstream companies,” Wyden said in a statement.

He added “The time for taking these companies at their word is long past – Congress needs to pass strong legislation to protect Americans’ privacy and finally hold corporations accountable when they put your safety at risk by letting stalkers and criminals track your phone on the dark web.”